Jump to content


Photo

Check session id to log in


  • Please log in to reply
3 replies to this topic

#1 master82

master82
  • Members
  • PipPipPip
  • Advanced Member
  • 182 posts

Posted 13 June 2006 - 11:53 AM

In my database I have a table called active - [userid, sessionid, ip, started, expire].

When a user logs in a session is created, its id recorded with user id, ip, the time it was created and an expiry time (I dont place any values into the session itself).

I have a script that deletes expired sessions from the table but need to make another script that I can use as an include on all my web page to do the following:
  • check the session id
  • see if it exists in the active table
  • - - - if so, update/replace started (to time()) and update expire (time()+900)
  • - - - If not, redirect to login page (login.php)
Its basically a script to see if the user has already logged on in the last 15 mins.

Heres my really bad attempt...

<?php
include("connect.php");
session_start();

$sessionid = session_id();

$sql = "SELECT userid FROM active WHERE sessionid = '$sessionid'";
$result = mysql_query($sql,$conn) or die("No session matched");
if (mysql_num_rows($result) == 1) {
$userid = mysql_result($result, 0, 'userid');

$log = time();
$expire = $log + 900;
$ip = $_SERVER['REMOTE_ADDR'];

$Sql = "REPLACE INTO active (userid, sessionid, ip, logged, expire) VALUES ('$userid', '$sessionid', '$ip', '$log','$expire') WHERE sessionid = '$sessionid'";
$results = mysql_query($sql,$conn) or die("Unable to replace");
}
else
{
header("Location: login.php");
}
?>

Anyone able to create this script or point me in the right direction?

#2 joquius

joquius
  • Members
  • PipPipPip
  • Advanced Member
  • 319 posts

Posted 13 June 2006 - 12:12 PM

sure this is what i use:

<?
clean_sessions (); // your function for cleaning expired sessions

if (mysql_result (mysql_query ("SELECT `ip` FROM `active` WHERE `sessionid` = '$session_id'"), 0) == $_SERVER['REMOTE_ADDR'])
{
    mysql_query ("UPDATE `active` SET `expire` = '".time()."' + 900 WHERE `sessionid` = '$session_id'");
    echo "yay";
}
else
{
    header ("location: /login.php");
}
?>

remember the deletion function already removed the expired functions so you don't need to check if it is expired again.
z..z..z..z..z..z..z..z..

#3 master82

master82
  • Members
  • PipPipPip
  • Advanced Member
  • 182 posts

Posted 13 June 2006 - 12:30 PM

I've done that, but now I get this at the top of each page:

Warning: mysql_result() [function.mysql-result]: Unable to jump to row 0 on MySQL result index 7 in Drive:\something\something\something\something\something\session.php on line 6

Warning: Cannot modify header information - headers already sent by (output started at Drive:\something\something\something\something\something\session.php:6) in Drive:\something\something\something\something\something\session.php on line 12

Any idea what the problem is?


#4 joquius

joquius
  • Members
  • PipPipPip
  • Advanced Member
  • 319 posts

Posted 13 June 2006 - 12:56 PM

these are guidelines, you want to make sure the $ are correct as well as matching db fields. you can also do this

more valid
$sql = "SELECT `ip` FROM `active` WHERE `sessionid` = '$session_id'";
if (mysql_query ($sql) && mysql_result (mysql_query ($sql), 0) == $_SERVER['REMOTE_ADDR'])
{
    mysql_query ("UPDATE `active` SET `expire` = '".time()."' + 900 WHERE `sessionid` = '$session_id'");
    echo "yay";
}
else
{
    header ("location: /login.php");
}

z..z..z..z..z..z..z..z..




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users